From 9da6f023436c62fb338c080ca0dfb3075c4fef8c Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Tue, 11 Jul 2023 23:32:37 +0200 Subject: [PATCH] WIP: start porting release logic to GoReleaser Goals: - _At least_ the publishing of the artifacts in the same formats as previous releases - Reproducable builds - SBOM inclusion - Checksums file inclusion - Cosign - SLSA compliant Signed-off-by: Hidde Beydals --- .gitignore | 3 +- .goreleaser.yaml | 84 ++++++++++++++++++++++++++++++++++++++++++++++++ Makefile | 6 ++-- 3 files changed, 89 insertions(+), 4 deletions(-) create mode 100644 .goreleaser.yaml diff --git a/.gitignore b/.gitignore index d7e97440fc..de453ba269 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ -target +dist/ +target/ Cargo.lock vendor/ coverage.txt diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000000..5ef5fe47a5 --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,84 @@ +# yaml-language-server: $schema=https://goreleaser.com/static/schema.json + +project_name: sops + +# xref: https://goreleaser.com/customization/build/ +builds: + - # ID of the build. + id: "binary" + + # Path to the main.go file or package to build. + main: ./cmd/sops + + # Binary name. + # Can be a path (e.g. `bin/app`) to wrap the binary in a directory. + binary: sops + + # Custom flags. + # Templates can be used here. + # xref: https://goreleaser.com/customization/templates/ + flags: + - -v + - -trimpath + + # Custom ldflags. + # Templates can be used here. + # xref: https://goreleaser.com/customization/templates/ + ldflags: + - -s + - -w + - -X "go.mozilla.org/sops/v3/version.Version={{ .Version }}" + + # Custom environment variables to be set during the build. + # Invalid environment variables will be ignored. + # Templates can be used here. + # xref: https://goreleaser.com/customization/templates/ + env: + - CGO_ENABLED=0 + + # GOOS to build the binary for. + # xref: https://golang.org/doc/install/source#environment + goos: + - linux + - darwin + - windows + + # GOARCH to build the binary for. + # xref: https://golang.org/doc/install/source#environment + goarch: + - amd64 + - arm64 + + # Modified timestamp on the binary, set to ensure reproducible builds. + mod_timestamp: "{{ .CommitTimestamp }}" + +# xref: https://goreleaser.com/customization/verifiable_builds/ +gomod: + # Proxy a module from proxy.golang.org, making the builds verifiable. + # This will only be effective if running against a tag. Snapshots will ignore + # this setting. + proxy: true + + # If proxy is true, use these environment variables when running `go mod` + # commands (namely, `go mod tidy`). + env: + - GOPROXY=https://proxy.golang.org,direct + - GOSUMDB=sum.golang.org + + # Sets the `-mod` flag value. + mod: mod + +# xref: https://goreleaser.com/customization/checksum/ +checksum: + # Template for the checksum file name. + # Templates can be used here. + # xref: https://goreleaser.com/customization/templates/ + name_template: "{{ .ProjectName }}_checksums.txt" + + # Algorithm to be used. + # Accepted options are sha256, sha512, sha1, crc32, md5, sha224 and sha384. + algorithm: sha256 + + # IDs of artifacts to include in the checksums file. + ids: + - binary diff --git a/Makefile b/Makefile index e302a7464f..2a8557eada 100644 --- a/Makefile +++ b/Makefile @@ -2,9 +2,9 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -PROJECT := go.mozilla.org/sops/v3 -GO := GOPROXY=https://proxy.golang.org go -GOLINT := golint +PROJECT := go.mozilla.org/sops/v3 +GO := GOPROXY=https://proxy.golang.org go +GOLINT := golint all: test vet generate install functional-tests origin-build: test vet generate install functional-tests-all